This tutorial will show how to encrypt and decrypt an email between two users using PGP. One user will use Outlook 2013 and the other user will use a Gmail account in Google Chrome with an extension called Mailvelope. For reasons why you would want to send an encrypted email, read my previous article.
PGP is commonly used for email encryption and uses public key cryptography. PGP stands for Pretty Good Privacy and is actually an open standard called OpenPGP. With PGP you must maintain both your public and private keys. You are responsible for exchanging keys with other recipients. There are key servers that help with the distribution of keys to others. You can also post your public key on a public website or forum for all to see. Your private key should remain private. It is a secret, and the passphrase that secures it should also remain a secret. When you encrypt a message using someone's public key, they will use their private key, along with their passphrase, to decrypt it. As long as the private key and passphrase remain unknown to an observer, the observer should not be able to decrypt the message.
To use the encryption in Outlook 2013 we are going to use an open source, free program called GPG4Win. That is short for GNU Privacy Guard for Windows and implements the OpenPGP standard. Visit http://gpg4win.org and download the latest installation package from their site. After you have downloaded and installed it, open the program called Kleopatra so we can generate keys for our user who is using Outlook.
- Click on File, New Certificate.
- Click Create a personal OpenPGP key pair
- Enter your Name and Email address
- Click Advanced Settings. You have the option to change the key details. You can make the RSA key 4096 bits for extra strength. You can also put an expiration date on the key if you would like it to expire.
- Click Ok, Next and then Create Key
- Enter a passphrase. You will need this passphrase when you are decrypting a message sent to you. The stronger it is the better. The dialog also gives some direction if you'd like to help the random number generator create a stronger key.
- After you have created the key, you have the option to back up the private key, email your public key or upload the public key to a key server. These are all optional. You need to keep your private key a secret. The public key, however, can be seen by anyone without compromising your security. You can post it to a public website or forum, or send it in a plain-text email to someone that you would like to have a secure email exchange with in the future. It is best to have a backup of both keys, but be sure the private key is in a safe place.
- Click Finish
We are now going to install Mailvelope on Chrome. I am using Chromium on Mint Linux in the screenshots but it will work fine with Chrome on Windows or a Mac.
- Open Chrome and visit http://mailvelope.com/. Scroll down and click the link to go to the Mailvelope Chrome Extension. Install it by clicking the +FREE button.
- Click the Mailvelope icon on the upper right corner of Chrome and select options.
- Click Generate Keys under Key ring on the left hand side of the page.
- Enter your Name, Email address and passphrase. You can also change any of the Advanced options like before as well. Click Submit when completed.
- The same rules apply as above in regards to the public and private keys.
We now need to exchange public keys.
- Our Chrome user will click on Display Keys while in Mailvelope.
- Highlight your key pair and then click Export
- Click on Display Public Key. Click on Create File to download a copy to your computer.
- We are going to send that downloaded file as an attachment to the Outlook User.
The Outlook user must now save the attachment and import it into the Kleopatra program. After the attachment is saved to the computer, open Kleopatra and click the Import Certificates button. Find the certificate and import it. Click OK when completed.
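A check the sender can run on the exported file before attaching it, and the recipient on the saved attachment before importing it (an added example, not part of the original tutorial or of Mailvelope or GPG4Win): it parses the ASCII armor, verifies the CRC-24 checksum when one is present, and confirms that every block starts with a public key packet rather than private key material. The function names and the two sample blocks are constructed for illustration.

```python
import base64
import re

PUBLIC_KEY_TAG = 6
SECRET_TAGS = {5, 7}  # secret key and secret subkey packets (RFC 4880, section 4.3)

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(label: str, payload: bytes) -> str:
    """Wrap bytes in ASCII armor; used here only to build the constructed samples."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP {label}-----\n\n{body}\n={check}\n-----END PGP {label}-----"

def check_export(text: str):
    """Return (ok, reason); ok is True only if every block is an intact public key."""
    text = text.replace("\r\n", "\n")
    blocks = re.findall(r"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", text, re.S)
    if not blocks:
        return False, "no armored block found"
    for label, inner in blocks:
        # Armor headers (Version:, Comment:) end at the first blank line.
        lines = inner.partition("\n\n")[2].split()
        payload = base64.b64decode("".join(l for l in lines if not l.startswith("=")))
        sums = [l[1:] for l in lines if l.startswith("=")]
        if sums and int.from_bytes(base64.b64decode(sums[0]), "big") != crc24(payload):
            return False, "armor checksum mismatch"
        if not payload or not payload[0] & 0x80:
            return False, "no OpenPGP packet data"
        first = payload[0]
        # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
        tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
        if "PRIVATE" in label or tag in SECRET_TAGS:
            return False, "contains private key material"
        if tag != PUBLIC_KEY_TAG:
            return False, "first packet is not a public key"
    return True, "public key only"

# Constructed samples: real tag encodings in the header byte, dummy bodies.
SAMPLE_PUBLIC = armor("PUBLIC KEY BLOCK", b"\x99\x00\x03abc")
SAMPLE_PRIVATE = armor("PRIVATE KEY BLOCK", b"\x95\x00\x03xyz")
```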
You are now ready to exchange Encrypted email! We’ll start with the Gmail user sending something encrypted to the Outlook user.
- Compose a new email in Gmail. When you hover your mouse over the body of the email, you should see a box that Mailvelope places in the upper right corner; click it.
- Type in your message and then hit the padlock on the right. Select the user you would like to send it to and then hit Add. Click OK and you will see your encrypted message. Click Transfer.
- This will add the encrypted block to the body of the email. You must enter the recipient's email address again. It must match who you encrypted it for. Add a subject, but remember your subject is going to stay in plain text. Click Send when you are ready to send it.
The Outlook user should now have received the encrypted message.
- Double click it so it has its own window. Click the GpgOL tab at the top and then click Decrypt
- Enter the passphrase you chose when you created your private key at the beginning of this procedure; that private key is what decrypts this message. Click Finish.
- You should now see the decrypted contents of the message.
- When you close the email window it will ask if you want to save the changes. Saving changes will make it so the decrypted contents are saved to the email; otherwise the encrypted version will remain. How secret the contents of the email are should dictate how you handle that question. Keep in mind that if you sync with a server, the saved contents will then be unencrypted there, and a network administrator with enough access can potentially read the message.
Now the Outlook user will send an encrypted email in Outlook to the other user.
- Create a new email message as you normally would. Enter in the recipient, subject and body for the email. Once satisfied with the message, click the GpgOL tab and click Encrypt.
- Select the user it is going to in the dialog box presented to you and hit OK.
- It will then encrypt that message. Hit send when ready.
The Gmail user should now see the encrypted email message.
- Once you open the message, Mailvelope will detect a PGP message and highlight it.
- Click the padlock in the center and then enter the passphrase associated with the private key for this user.
- Once you click OK, you should see the message in its decrypted form.
- When you leave that message Mailvelope does not have the option to save it in a decrypted form.
Mailvelope works with other email systems. If you have a webmail system Mailvelope doesn’t work with by default, you can click Add Page under the Mailvelope icon in Chrome and it will then attempt to work with your webmail system. It is currently under development for Firefox.
Also, note that these were test accounts and no one will see the email if you send anything to them. If you’d like to test for yourself, my public key for is located here and we can exchange encrypted emails.